wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
19755 commits 20 branches 302 tags 153 MiB
Commit graph

1846 commits

Author SHA1 Message Date
Matt Caswell
19044d3c22 Add documentation for the -sctp option in command line apps 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3305)
 2017-04-25 14:47:50 +01:00
Matt Caswell
f7b3cb2ad0 Fix doc-nits issue 
BIO_lookup_ex() should be in the NAME section

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
 2017-04-25 11:13:39 +01:00
Matt Caswell
561f6f1ed2 Address review feedback for the SCTP changes 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
 2017-04-25 11:13:39 +01:00
Matt Caswell
e829142846 Document BIO_lookup_ex() 
We also change the enum type to an int.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
 2017-04-25 11:13:39 +01:00
Richard Levitte
20626cfd58 Add CRYPTO_mem_leaks_cb 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
 2017-04-24 18:09:01 +02:00
Camille Guérin
7643a1723e Fixed typo in X509_STORE_CTX_new description 
'X509_XTORE_CTX_cleanup' ->  'X509_STORE_CTX_cleanup'
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3271)
 2017-04-22 18:26:38 -04:00
Marek Klein
0444c52a5f explicitText encoding 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/576)
 2017-04-20 14:52:02 -04:00
Rich Salz
87b81496fe Document Next Protocol Negotiation APIs 
Add callback function prototypes, fix description

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3084)
 2017-04-19 12:38:27 -04:00
Thiago Arrais
800b5dac00 update docs because depth refers only to intermediate certs 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3132)
 2017-04-18 11:06:27 -04:00
Todd Short
3bb0f989b5 OCSP Updates: error codes and multiple certificates 
RT3877: Add X509 OCSP error codes and messages
Add additional OCSP error codes for X509 verify usage

RT3867: Support Multiple CA certs in ocsp app
Add the ability to read multiple CA certs from a single file in the
ocsp app.

Update some missing X509 errors in documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/941)
 2017-04-12 14:41:10 -04:00
Benjamin Kaduk
8313a787d7 Allow an ALPN callback to pretend to not exist 
RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit 062178678f we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.

In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols.  However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so.  Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback.  In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2570)
 2017-04-10 11:57:37 -04:00
Rich Salz
2f61bc2ea3 Use 'over 2' for bullet lists. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
 2017-04-07 13:48:19 -04:00
Rich Salz
e1271ac221 Standardize on =over 4 and check for it. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
 2017-04-07 13:30:04 -04:00
Rich Salz
8c32663cdd Add missing =back 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
 2017-04-07 13:30:04 -04:00
Rich Salz
076fc55527 Make default_method mostly compile-time 
Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
 2017-04-07 12:19:46 -04:00
Matt Caswell
cd17bb190c Prefix custom extension API callback types with SSL_ 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
 2017-04-07 13:41:04 +01:00
Matt Caswell
64350ab587 Various style tweaks based on feedback 
Style updates for the new custom extensions API

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
 2017-04-07 13:41:04 +01:00
Matt Caswell
314aec07ef Add documentation for the new custom extensions API 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
 2017-04-07 13:41:04 +01:00
Dr. Stephen Henson
5a185729a3 Document new ssl(3) functions and options. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
 2017-04-03 23:47:22 +01:00
Matt Caswell
508fafd8ef Add documentation for SSL_get_server_tmp_key() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3114)
 2017-04-03 19:18:47 +01:00
Kazuki Yamaguchi
a8e75d5680 Fix a typo in the SSL_get_max_early_data() declarations 
SSL_get_max_early_data() recently added by 3fc8d85610 ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed to take an
SSL, but it doesn't.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3113)
 2017-04-03 13:45:39 +01:00
Jon Spillett
1c7ae3dd9e Add SSL_dup description 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3085)
 2017-03-30 14:18:11 +02:00
Pauli
c4de074e63 Documentation updates 
Fix capitilistion of list items.
Wrap long lines.
Add full stops to the ends of sentances.
Change ciphersuite to cipher suite in all of doc.

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3082)
 2017-03-30 14:16:41 +02:00
Pauli
3fd5ece39b Documentation cleanup for man1/enc.pod 
[skip ci]

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3073)
 2017-03-30 00:40:31 +02:00
Pauli
d7735c1eec Documentation cleanup for man1/nseq.pod 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3074)
 2017-03-29 09:43:04 +01:00
Pauli
829e4d5582 Documentation clean up for man1/list.pod 
[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3072)
 2017-03-29 09:40:56 +01:00
Steven Collison
209fac9f8a doc: Add stitched ciphers to EVP_EncryptInit.pod 
These ciphers don't appear to be documented anywhere. Given the
performance[1] benefits I think it makes sense to expose them.

[1] https://software.intel.com/sites/default/files/open-ssl-performance-paper.pdf

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3067)
 2017-03-29 09:31:39 +01:00
Steven Collison
254b58fd73 doc: Add missing options in s_{server,client} 
These were added to the help in ad775e04f6 but not the pods.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3065)
 2017-03-29 09:25:44 +01:00
Jon Spillett
8c55c46147 Add documentation for SNI APIs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3071)
 2017-03-29 07:26:41 +02:00
Rich Salz
a01dbac232 Remove duplicate doc 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3068)
 2017-03-29 07:18:57 +02:00
FdaSilvaYY
69687aa829 More typo fixes 
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
 2017-03-29 07:14:29 +02:00
Jon Spillett
7bd278957d Typo in SSL_CTX_sess_number.pod - started 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
edb79c3a34 Tidy up the SSL options in SSL_CTX_set_options.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
3aaa1bd076 SSL_CTX_use_PrivateKey_file uses private key, not certificate 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
d5d5b5fc77 Typo in SSL_CONF_cmd_argv.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
f5f85f755d Typo in SSL_CONF_CTX_set1_prefix.pod - change SSL_CTX_cmd to SSL_CONF_cmd 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
818f861756 Typo in SSL_CONF_CTX_set_flags.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
09fdfa4b2f Add documentation for SSL_*_ex_data() functions 
[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3050)
 2017-03-28 21:50:13 +02:00
Jon Spillett
86fde069d4 Add documentation for SSL version methods 
[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3049)
 2017-03-28 20:13:30 +02:00
Matt Caswell
249e3a1b20 Provide documentation for some state machine related functions 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3051)
 2017-03-28 15:46:40 +01:00
Dr. Stephen Henson
8845e02a74 update README 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059)
 2017-03-28 15:43:42 +01:00
Dr. Stephen Henson
d218f3c331 Add X25519 doc 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059)
 2017-03-28 15:43:41 +01:00
Dr. Stephen Henson
0af8fd6085 fix typo 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059)
 2017-03-28 15:43:41 +01:00
Matt Caswell
b31db50528 Provide documentation for missing SSL_SESSION_* functions 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3052)
 2017-03-28 15:15:41 +01:00
Emilia Kasper
24053693b0 X509_cmp_time.pod: fix doc nits 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2017-03-28 14:40:25 +02:00
Emilia Kasper
4ac139b49a Add documentation for X509 time functions 
[ci skip]

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2017-03-28 12:22:32 +02:00
Zack Williams
a41815f05e "any" instead of "and" 
The "and" should be an "any"

Fixed in LibreSSL's docs: http://man.openbsd.org/man5/x509v3.cnf.5#Subject_alternative_name

CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2980)
 2017-03-24 13:43:21 +01:00
Rich Salz
3ba4dac67a Look for comma before - in POD pages 
[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3021)
 2017-03-23 13:18:31 -04:00
Rich Salz
2ca2e9175d Document BIO_printf family 
Also fix an error in UI_STRING (typo; wrong case).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2999)
 2017-03-20 16:25:22 -04:00
Richard Levitte
cdd6c8c578 Fix docs for X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() 
They both return 2 when the revoked entry that's found has the reason
removeFromCRL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2993)
 2017-03-20 14:35:31 +01:00